CyCraft

Published in CyCraft

Who is MITRE?

MITRE’s new sign in front of their Bedford, MA campus in Oct. 1963. (Source: https://www.mitre.org/)

NOTE: This article has been translated into English from the original Medium article in Chinese and expanded upon.

Upon hearing about CyCraft’s participation in the MITRE ATT&CK® APT29 Evaluations, many organizations in Asia were not only unsure who MITRE is but also unsure how to pronounce “MITRE” (transliterated in Chinese as 埋特).

FFRDC?

In short, MITRE is a not-for-profit organization based in Bedford, Massachusetts (US) and McLean, Virginia (US). MITRE operates federally funded research and development centers (FFRDCs) to assist the United States government with scientific research, development, and systems engineering.

FFRDCs currently operated by MITRE include:

https://youtu.be/7skHl7SxbRM

Cold War Origins

At the height of the Cold War between the U.S. and the U.S.S.R., MITRE was formed in 1958 to provide guidance over the construction of the U.S. Air Force Semi-Automatic Ground Environment (SAGE) air defense system. SAGE was a system of computers and networking equipment tasked with coordinating data from multiple radar sites and producing a single unified image of the airspace; the project’s deployment cost exceeded the Manhattan Project — the R&D project that led to the first nuclear weapon.

SAGE would direct the North American Air Defense Command (NORAD) response to an air attack from Soviet Russia. A SAGE operator would use their light gun to select targets on their radar screen for further information, contact the defense resources in that area, and issue commands to attack.

SAGE operator using the light gun. (Source: https://www.wired.com/2013/09/ibm-sage/)

FUN FACT: SAGE consoles came with built-in cigarette lighters and ashtrays located in the bottom left-hand corner.

Most of the early employees of MITRE came from Lincoln Labs at the Massachusetts Institute of Technology (MIT), where SAGE was being developed; hence, MITRE being based in Bedford, Massachusetts — a 30-minute drive from MIT.

Cyber Projects

In addition to operating the National Cybersecurity FFRDC, which is sponsored by the U.S. National Institute of Standards and Technology (NIST), MITRE also operates the Common Weakness Enumeration (CWE) project as well as the Common Vulnerabilities and Exposures (CVE) system. Since 1999, MITRE has functioned as the editor and primary CNA (CVE Numbering Authority) of the CVE system — the industry standard for vulnerability and exposure names.

In response to the ongoing rise of cyberattacks, MITRE released the MITRE ATT&CK framework in 2015. ATT&CK is a globally accessible, living framework of observed and known adversarial tactics, techniques, and procedures (TTPs) used in the wild by advanced persistent threats (APTs) and other cybercriminals. ATT&CK is also working to standardize the often chaotic naming of the threat groups from whose attack techniques the framework is derived.

ATT&CK stands for Adversarial Tactics, Techniques, and Common Knowledge. The framework is a matrix of intrusion techniques categorized into 12 different tactics.

As of May 2020, ATT&CK has four main matrices: PRE-ATT&CK, Enterprise, Mobile, and its most recent addition, ICS. The Enterprise ATT&CK matrix, the most commonly referenced one, combines four separate matrices: Windows, macOS, Linux, and Cloud.

Since its release in 2015, ATT&CK has become one of the most referenced and most respected resources in cybersecurity. The Enterprise ATT&CK matrix currently lists 226 unique adversarial techniques, ranging alphabetically from .bash_profile and .bashrc (shell startup scripts) to XSL Script Processing.

MITRE ATT&CK Evaluations

In 2018, MITRE launched the first round of the MITRE ATT&CK Evaluations in an effort to enable better communication between red teams, defenders, and management. Vendors of cybersecurity solutions had been using ATT&CK to measure and tune their capabilities; however, until the Evaluations, there was no neutral authority to evaluate these solutions transparently.

What makes the MITRE ATT&CK Evaluations appealing for testing is that they are based on known threat actor activity rather than purely hypothetical scenarios. Each round emulates a known APT and tests a vendor’s capability to detect the adversarial techniques and tactics as defined in the ATT&CK matrix.

Industry professionals from 19 countries and 135 organizations attended ATT&CKcon 2.0 in October 2019. (Source: https://attack.mitre.org/resources/attackcon/)
The ATT&CKcon 2.0 keynote talks can be viewed here: https://youtu.be/Xkzv53j39ug

MITRE Engenuity?

As of 2020, MITRE Engenuity, an independent nonprofit organization, manages the MITRE ATT&CK Evaluations program.

Your MITRE ATT&CK Reading List

1. Introduction | What is MITRE ATT&CK?
2. Behind the Curtain | Who is MITRE?
3. ATT&CK Evaluations Round 2: APT29 | CyCraft Enters Round 2
4. ATT&CK Evaluations Round 2: APT29 | Complete Guide to Understanding Results
5. ATT&CK Evaluations Round 2: APT29 | CyCraft Results
6. ATT&CK Evaluations Round 3: FIN7 and Carbanak | CyCraft Enters Round 3

CyCraft at the MITRE ATT&CK Evaluations

CyCraft joined the second round of evaluations, which emulated APT29. CyCraft is the first Taiwanese cybersecurity firm to participate in the ATT&CK Evaluations as well as the youngest firm ever to participate. You can view our results from the APT29 Evaluation.


When you join CyCraft, you will be in good company. CyCraft secures government agencies, Fortune Global 500 firms, top banks and financial institutions, critical infrastructure, airlines, telecommunications, hi-tech firms, and SMEs.

We power SOCs with our proprietary and award-winning AI-driven MDR (managed detection and response), SOC (security operations center) operations software, TI (threat intelligence), Health Check, automated forensics, and IR (incident response), and Secure From Home services.
